#
# Format:
#
# var_name
# TYPE
# description (or NULL)
# array of struct def_values if TYPE == T_TUPLE
#
# NOTE: for tuples that can be used in a boolean context the first
# value corresponds to boolean FALSE and the second to TRUE.
#
syslog
T_LOGFAC|T_BOOL
"Syslog facility if syslog is being used for logging: %s"
syslog_goodpri
T_LOGPRI
"Syslog priority to use when user authenticates successfully: %s"
syslog_badpri
T_LOGPRI
"Syslog priority to use when user authenticates unsuccessfully: %s"
long_otp_prompt
T_FLAG
"Put OTP prompt on its own line"
ignore_dot
T_FLAG
"Ignore '.' in $PATH"
mail_always
T_FLAG
"Always send mail when sudo is run"
mail_badpass
T_FLAG
"Send mail if user authentication fails"
mail_no_user
T_FLAG
"Send mail if the user is not in sudoers"
mail_no_host
T_FLAG
"Send mail if the user is not in sudoers for this host"
mail_no_perms
T_FLAG
"Send mail if the user is not allowed to run a command"
tty_tickets
T_FLAG
"Use a separate timestamp for each user/tty combo"
lecture
T_TUPLE|T_BOOL
"Lecture user the first time they run sudo"
never once always
lecture_file
T_STR|T_PATH|T_BOOL
"File containing the sudo lecture: %s"
authenticate
T_FLAG
"Require users to authenticate by default"
root_sudo
T_FLAG
"Root may run sudo"
log_host
T_FLAG
"Log the hostname in the (non-syslog) log file"
log_year
T_FLAG
"Log the year in the (non-syslog) log file"
shell_noargs
T_FLAG
"If sudo is invoked with no arguments, start a shell"
set_home
T_FLAG
"Set $HOME to the target user when starting a shell with -s"
always_set_home
T_FLAG
"Always set $HOME to the target user's home directory"
path_info
T_FLAG
"Allow some information gathering to give useful error messages"
fqdn
T_FLAG
"Require fully-qualified hostnames in the sudoers file"
insults
T_FLAG
"Insult the user when they enter an incorrect password"
requiretty
T_FLAG
"Only allow the user to run sudo if they have a tty"
env_editor
T_FLAG
"Visudo will honor the EDITOR environment variable"
rootpw
T_FLAG
"Prompt for root's password, not the users's"
runaspw
T_FLAG
"Prompt for the runas_default user's password, not the users's"
targetpw
T_FLAG
"Prompt for the target user's password, not the users's"
use_loginclass
T_FLAG
"Apply defaults in the target user's login class if there is one"
set_logname
T_FLAG
"Set the LOGNAME and USER environment variables"
stay_setuid
T_FLAG
"Only set the effective uid to the target user, not the real uid"
preserve_groups
T_FLAG
"Don't initialize the group vector to that of the target user"
loglinelen
T_UINT|T_BOOL
"Length at which to wrap log file lines (0 for no wrap): %d"
timestamp_timeout
T_FLOAT|T_BOOL
"Authentication timestamp timeout: %.1f minutes"
passwd_timeout
T_FLOAT|T_BOOL
"Password prompt timeout: %.1f minutes"
passwd_tries
T_UINT
"Number of tries to enter a password: %d"
umask
T_MODE|T_BOOL
"Umask to use or 0777 to use user's: 0%o"
logfile
T_STR|T_BOOL|T_PATH
"Path to log file: %s"
mailerpath
T_STR|T_BOOL|T_PATH
"Path to mail program: %s"
mailerflags
T_STR|T_BOOL
"Flags for mail program: %s"
mailto
T_STR|T_BOOL
"Address to send mail to: %s"
mailfrom
T_STR|T_BOOL
"Address to send mail from: %s"
mailsub
T_STR
"Subject line for mail messages: %s"
badpass_message
T_STR
"Incorrect password message: %s"
timestampdir
T_STR|T_PATH
"Path to authentication timestamp dir: %s"
timestampowner
T_STR
"Owner of the authentication timestamp dir: %s"
exempt_group
T_STR|T_BOOL
"Users in this group are exempt from password and PATH requirements: %s"
passprompt
T_STR
"Default password prompt: %s"
passprompt_override
T_FLAG
"If set, passprompt will override system prompt in all cases."
runas_default
T_STR
"Default user to run commands as: %s"
secure_path
T_STR|T_BOOL
"Value to override user's $PATH with: %s"
editor
T_STR|T_PATH
"Path to the editor for use by visudo: %s"
listpw
T_TUPLE|T_BOOL
"When to require a password for 'list' pseudocommand: %s"
never any all always
verifypw
T_TUPLE|T_BOOL
"When to require a password for 'verify' pseudocommand: %s"
never all any always
noexec
T_FLAG
"Preload the dummy exec functions contained in 'noexec_file'"
noexec_file
T_STR|T_PATH
"File containing dummy exec functions: %s"
ignore_local_sudoers
T_FLAG
"If LDAP directory is up, do we ignore local sudoers file"
closefrom
T_INT
"File descriptors >= %d will be closed before executing a command"
closefrom_override
T_FLAG
"If set, users may override the value of `closefrom' with the -C option"
setenv
T_FLAG
"Allow users to set arbitrary environment variables"
env_reset
T_FLAG
"Reset the environment to a default set of variables"
env_check
T_LIST|T_BOOL
"Environment variables to check for sanity:"
env_delete
T_LIST|T_BOOL
"Environment variables to remove:"
env_keep
T_LIST|T_BOOL
"Environment variables to preserve:"
role
T_STR
"SELinux role to use in the new security context: %s"
type
T_STR
"SELinux type to use in the new security context: %s"
askpass
T_STR|T_PATH|T_BOOL
"Path to the askpass helper program: %s"
env_file
T_STR|T_PATH|T_BOOL
"Path to the sudo-specific environment file: %s"
sudoers_locale
T_STR
"Locale to use while parsing sudoers: %s"
visiblepw
T_FLAG
"Allow sudo to prompt for a password even if it would be visisble"
pwfeedback
T_FLAG
"Provide visual feedback at the password prompt when there is user input"
fast_glob
T_FLAG
"Use faster globbing that is less accurate but does not access the filesystem"
umask_override
T_FLAG
"The umask specified in sudoers will override the user's, even if it is more permissive"
log_input
T_FLAG
"Log user's input for the command being run"
log_output
T_FLAG
"Log the output of the command being run"
compress_io
T_FLAG
"Compress I/O logs using zlib"
use_pty
T_FLAG
"Always run commands in a pseudo-tty"